Filtered by vendor Loadedcommerce
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66572 | 1 Loadedcommerce | 1 Loaded Commerce | 2025-12-05 | N/A |
| Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter. | ||||
| CVE-2014-5140 | 1 Loadedcommerce | 1 Loaded7 | 2024-11-21 | 8.8 High |
| The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book. | ||||
Page 1 of 1.